Recently, the AI Act, which has officially entered its first formal revision cycle, has seen significant new developments. On March 26, 2026, the European Parliament adopted its First Reading Position on the Digital Omnibus on AI with 569 votes in favor, 45 against, and 23 abstentions. Previously, the Council of the European Union adopted its general negotiating mandate on March 13. With the Parliament and the Council having established their respective negotiating positions, the process will now move to the Trilogue stage involving the European Commission, the Parliament, and the Council. To ensure the AI Act is fully applicable by August 2026, the Trilogue is expected to proceed more rapidly than the standard EU legislative procedure.
As the world’s first comprehensive AI legislation, the AI Act took over three years from proposal to adoption. However, the interval between its formal entry into force on August 1, 2024, and its entry into the revision process in March 2026 was less than 20 months. This timeline suggests that EU AI governance has rapidly transitioned from a legislative phase to an implementation and calibration phase. The current handling of the Commission’s simplification proposal by co-legislators does not follow a singular path of deregulation. Instead, it is increasingly characterized by procedural burden reduction alongside the targeted expansion of boundaries in response to emerging risks. Understanding this shift is of practical significance for assessing the future trajectory of EU AI governance.
On March 26, 2026, the European Parliament voted to adopt a proposal for amending the AI Act
Source: European Parliament
01 Why is the AI Act Being Amended So Quickly?
The legislative process for the AI Act began in April 2021, aiming to establish a risk-based regulatory framework. During the subsequent Trilogue negotiations, the rapid rise of generative AI--exemplified by systems such as ChatGPT--made general-purpose AI (GPAI) models an unavoidable issue. The broad transferability and downstream integration of GPAI models clearly exceeded the original proposal's focus on specific-use risk classification. Consequently, the 2024 version of the AI Act included specific obligations for GPAI models and a phased implementation: prohibited practices and AI literacy obligations took effect on February 2, 2025; GPAI governance rules became applicable on August 2, 2025; and the Act is, in principle, set for full application on August 2, 2026. However, high-risk systems embedded in regulated products were granted a longer transition period until August 2, 2027.
However, implementation challenges became apparent soon after the Act entered into force. The European Commission’s official website indicates that several support tools--particularly those related to high-risk rules and transparency obligations--remain under development. These include guidelines and codes of conduct for AI-generated content labeling and transparency, expected in the second quarter of 2026. While legal deadlines are approaching, the tools intended to reduce compliance uncertainty are not yet fully in place. Against this backdrop, the Commission proposed adjusting the application timeline for high-risk rules by up to 16 months, allowing implementation to occur only once standards and guidelines are more mature.
Beyond practical pressures, macroeconomic competitiveness anxiety has provided strong political momentum. The Commission’s introduction to the Draghi Report (The future of European competitiveness) notes that Europe faces structural pressures, including slowing productivity, demographic shifts, and rising energy costs alongside intensified global competition. Official statements from the Council in March 2026 explicitly framed the current simplification proposal as a response to challenges identified in the Letta Report and the Draghi Report. Furthermore, the November 2024 Budapest Declaration called for a “simplification revolution” to significantly reduce administrative and reporting burdens for businesses, particularly Small and Medium-sized Enterprises (SMEs).
Consequently, the European Commission began proactively amending its own drafted legislation. Since February 2025, the Commission has introduced ten Omnibus legislative packages. The seventh, Omnibus VII on Digital (proposed on November 19, 2025), included two proposals: one to simplify the general digital framework and another specifically targeting the implementation of the AI Act. For the Commission, this represents both a fulfillment of the broader simplification-competitiveness agenda and a systemic response to implementation hurdles.
In November 2025, the European Commission released the Digital Omnibus on AI proposal
Source: European Commission
However, modifying a recently finalized compromise text remains sensitive. As co-legislators from the original Trilogue, the Parliament and the Council tend to defend the hard-won balance within the original articles. The European Parliamentary Research Service (EPRS) noted in its background materials that the core of the current file consists of targeted adjustments to identified implementation issues and the reduction of unnecessary burdens, rather than a ground-up institutional restructuring.
02 Scope and Forms of the Amendment
Comparing the current text of the AI Act, the Commission’s November 2025 simplification proposal, and the negotiating positions of the Parliament and the Council reveals that this amendment is not a simple case of simplification versus stricter rules. Instead, it is a selective adjustment characterized by consensus on procedural changes, friction over fundamental rights thresholds, and localized expansion regarding new risks.
I. Consensus: Extending Timelines and Policy Support
The least controversial but most impactful change for businesses is the postponement of compliance deadlines for high-risk AI systems. Originally, these rules were set to apply in August 2026 and August 2027. According to the Parliament’s First Reading Position on March 26, 2026, the application date for high-risk systems--such as those involving biometrics, critical infrastructure, education, and law enforcement--is proposed for December 2, 2027. Systems subject to EU sector-specific safety legislation are proposed for August 2, 2028. The Parliament also advocates delaying labeling obligations for AI-generated audio, images, and video until November 2, 2026. The Council also supports new fixed application dates.
The Commission’s original proposal suggested a flexible trigger mechanism--where application would depend on the readiness of standards and tools--with a maximum delay of 16 months. Both the Parliament and the Council have rejected this approach, preferring fixed dates. This shift highlights a preference for legal certainty over administrative discretion. Co-legislators seem willing to grant more time but are reluctant to leave the effective dates of key obligations entirely to the Commission’s judgment.
Another consensus area involves expanding support for SMEs and small mid-cap enterprises (SMCs). Both the Commission and the Parliament support extending certain facilitations--such as simplified technical documentation requirements--to SMCs. The Parliament’s press release framed this as a core component of supporting business scale-up, aiming to prevent European firms from facing a compliance cost cliff immediately upon outgrowing SME status.
II. Adjustments: A Pivot Toward Fundamental Rights
Significantly, several substantive simplification measures proposed by the Commission have faced pushbacks. Co-legislators do not necessarily seek to raise original standards but are reportedly unwilling to lower fundamental rights thresholds in the name of burden reduction.
Regarding the processing of sensitive personal data, current positions reflect a compromise: maintaining high thresholds while allowing limited exceptions. The Commission initially sought to broaden the scope for processing sensitive data for bias detection and correction. However, the Parliament’s March 26 position supports this only when strictly necessary. The Council went further, explicitly reinstating the strict necessity standard. In January 2026, the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) recommended in a joint opinion that the looser language in the Commission’s proposal be tightened to maintain the existing standards for high-risk systems.
The joint opinion from the EDPB and EDPS provides vital technical support for this amendment process
Source: EDPB
Similar pushback is evident regarding registration obligations. Under the current framework, even if a provider determines a system is not high-risk under Article 6(3), it must still be registered in an EU database. The Council’s March 13 position explicitly reinstated this obligation. The EDPB and EDPS noted that deleting this requirement would reduce transparency and accountability, potentially encouraging providers to over-invoke exemptions. The current approach appears to allow for simplified forms but resists reducing the visibility of potentially risky systems to regulators and the public.
Regarding AI literacy obligations, the focus seems to be on reducing compliance friction while retaining the mandatory nature of the rules. The Commission’s website notes that the proposal requires the Commission and Member States to promote AI literacy and provide ongoing support for businesses, while retaining training obligations for deployers of high-risk systems.
III. New Content: Addressing New Risks and Expanding Boundaries
A relatively unexpected turn in this process is the inclusion of new prohibited practices not found in the Commission’s original simplification proposal. On March 26, the Parliament proposed a ban on nudifier systems--AI used to generate or manipulate sexually explicit or intimate images of identifiable real individuals without their consent. The Council’s March 13 position includes a similar ban, encompassing both unconsented intimate content and child sexual abuse material (CSAM). This suggests that while the process began under the banner of simplification, co-legislators are willing to expand the regulatory scope to counter emerging risks.
This move is directly linked to rising concerns over generative AI’s role in spreading harmful synthetic content. In January 2026, the Commission launched a formal investigation into the platform X under the Digital Services Act (DSA) regarding risks associated with its Grok AI feature, including the spread of manipulated explicit imagery. This reflects a heightened vigilance among EU regulators regarding the diffusion of illegal or harmful synthetic content on large social media platforms.
Another change involves the relationship between the AI Act and sector-specific laws. The Parliament suggested that for products already subject to other sectoral rules, AI Act obligations could be eased to avoid overlapping compliance. While intended to address industry complaints, this may trigger debate during Trilogue negotiations, as it could potentially allow high-risk systems to bypass the full rigor of the AI Act in favor of less direct sectoral frameworks.
Based on currently available texts, the divergences among the three institutions--the Commission, the Council, and the Parliament--primarily center on several key areas. The Commission reportedly emphasizes linking the implementation timeline to the availability of supporting tools, while seeking to reduce the regulatory burden on enterprises through procedural and scope-based adjustments. Conversely, while accepting delays and facilitative measures, the Council and the Parliament appear more inclined to reinstate registration obligations, maintain high thresholds for the processing of sensitive data, and incorporate new risks associated with harmful synthetic content into the list of prohibited practices. This suggests that the actual consensus reached in this revision cycle is not a lowering of standards, but rather a postponement of the timeline and a localized expansion of regulatory scope.
A comparison of institutional positions on amendment topics: Green indicates alignment between the Council and Parliament; orange indicates points of disagreement for Trilogue negotiation
Source: NicFab Blog
03 Drivers of Selective Amendment: Institutions, Politics, and External Pressure
Based on the current trajectory of the amendment process within the European Parliament and the Council of the European Union, the EU appears willing to offer flexibility in procedural arrangements while maintaining stringent constraints on core standards related to fundamental rights and data protection. Simultaneously, there is a reported willingness to expand the regulatory scope regarding emerging technological risks. This multifaceted outcome can be understood across three dimensions: institutional mechanisms, the political landscape, and the external environment.
First, the gatekeeper effect of EU data protection authorities provides technical backing for institutional caution. The January 2026 joint opinion from the EDPB and EDPS supported the general goal of reducing administrative burdens but advised maintaining strict necessity for sensitive data and retaining registration obligations. The high degree of alignment between this opinion and the subsequent stances of the Council and Parliament suggests that data protection authorities have substantially limited the boundaries of burden reduction through institutionalized advisory procedures.
This institutional prudence is also linked to role differentiation. While the Commission proposes simplification to serve the competitiveness agenda, for the Parliament and the Council, these adjustments could touch the fragile balance achieved in 2024. The EPRS has characterized the current file as targeted amendments rather than a reset of regulatory philosophy.
Second, the amendment process reflects a political consensus-building effort. Within the Parliament, there were initially clear divisions. Records show that groups including the Left, the Greens, and the S&D requested the decision to enter negotiations be submitted to a plenary vote. However, the eventual 569-vote majority suggests that the final text achieved an acceptable trade-off: industry-oriented groups secured the timeline and simplification arrangements, while those emphasizing rights maintained the thresholds for sensitive data and registration. The new nudifier ban responded to a cross-party public risk concern.
On March 13, 2026, Marilena Raouna, Cypriot Deputy Minister for European Affairs, announced the Council's agreement on the proposal to simplify AI-related rules
Source: Council of the EU
Third, the macro-environment for the amendment is shaped by internal European lobbying and external transatlantic pressure. On one hand, the transition from simplification to amendment of the AI Act involves the dual intervention of industry lobbying and counter-pressure from civil society organizations. Regarding the Digital Omnibus, both corporate lobbying watchdogs and research institutions have noted that industry representatives held a significant majority in the five “reality check” meetings hosted by the European Commission, while participation from civil society was limited. This process has faced criticism regarding transparency and the balance of interests. In the context of the current AI Act revision, these circumstances suggest that the Commission’s focus on competitiveness and burden reduction emerged against a backdrop of highly active industry demands for regulatory relief. However, based on the current public positions of the European Parliament and the Council of the European Union, industry influence appears primarily concentrated in areas such as deadline extensions, procedural facilitations, and compliance support. In core provisions concerning sensitive data and registration obligations, this influence has not resulted in a systemic downgrading of protections.
On the other hand, transatlantic pressure serves as a backdrop, though its impact appears to be far from one-way. The Council of the European Union has explicitly framed the current simplification proposal within the overarching framework of “enhancing EU competitiveness,” while the European Commission has described the Digital Omnibus as an initiative to make rules “clearer, simpler, and more innovation-friendly.” In this sense, external competitive pressures and internal anxieties over competitiveness have provided political momentum for the amendment. Simultaneously, however, the actual approach of the co-legislators suggests that the EU has not abandoned its established orientation toward rights protection. Rather, the EU appears to be balancing its response to competitiveness concerns with a deliberate effort to avoid creating an impression—at both symbolic and institutional levels—of a systemic retreat from fundamental rights protections under the guise of competitiveness.
04 How to Observe the Ongoing First Amendment?
The first amendment process for the AI Act has now completed the Commission proposal, Council position, and Parliament First Reading stages. The boundaries between the institutions are becoming clear.
Broadly, this process reveals a key feature of EU AI governance: high elasticity in implementation tempo and procedural burdens, combined with marked restraint regarding fundamental rights thresholds and an impulse to expand scope against new harms. While the Commission seeks to use the Digital Omnibus on AI to enhance competitiveness, the Parliament and the Council aim to confine simplification to the procedural level without touching substantive protection standards. In the EU context, simplifying regulation currently points toward adjustments in execution order and documentation rather than a fundamental shift in the governance direction.
The amendment process for the AI Act signals the future direction of the EU's digital governance roadmap
Source: Biometrics News
As global AI governance continues to evolve, two developments merit close attention: (1) the extent to which Trilogue negotiations push procedural burden reduction; and (2) how the boundaries between the AI Act and other sector-specific laws are redefined. These issues will determine whether the EU improves implementation efficiency while maintaining a strong regulatory stance or reshapes the very boundaries of high-risk AI governance.
References
[1] European Commission, “Proposal for a Regulation laying down harmonised rules on artificial intelligence (Artificial Intelligence Act),” COM(2021) 206 final, 21 April 2021.
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52021PC0206
[2] European Parliament, “Artificial Intelligence Act: delayed application, ban on nudifier apps,” press release, 26 March 2026.
https://www.europarl.europa.eu/news/en/press-room/20260316IPR38219/meps-support-postponement-of-certain-rules-on-artificial-intelligence
[3] European Parliament, “MEPs support postponement of certain rules on artificial intelligence,” press release (committee stage), 18 March 2026.
https://www.europarl.europa.eu/news/en/press-room/20260316IPR38219/
[4] Council of the EU, “Simplification: Council agrees position to streamline EU rules on artificial intelligence,” press release, 13 March 2026.
https://www.consilium.europa.eu/en/press/press-releases/2026/03/13/council-agrees-position-to-streamline-rules-on-artificial-intelligence/
[5] European Parliament, Legislative Train Schedule, “Digital Omnibus on AI,” updated 20 February 2026.
https://www.europarl.europa.eu/legislative-train/package-digital-package/file-digital-omnibus-on-ai
[6] EPRS, “Digital Omnibus on AI,” Briefing PE 782.651, March 2026.
https://www.europarl.europa.eu/thinktank/en/document/EPRS_BRI(2026)782651
[7] EDPB-EDPS Joint Opinion 1/2026 on the Proposal for a Regulation amending Regulations (EU) 2024/1689 and (EU) 2018/1139 (Digital Omnibus on AI), 20 January 2026.
https://www.edpb.europa.eu/system/files/2026-01/edpb_edps_jointopinion_202601_proposal_ai-omnibus_en.pdf
[8] Mario Draghi, “The Future of European Competitiveness,” report to the European Commission, September 2024.
https://commission.europa.eu/topics/strengthening-european-competitiveness/eu-competitiveness-looking-ahead_en
[9] Jadzia Pierce, Dan Cooper, Marty Hansen & Atli Stannard, “MEPs Adopt Joint Position on Proposed Digital Omnibus on AI,” Inside Privacy (Covington & Burling LLP), 20 March 2026.
https://www.insideprivacy.com/uncategorized/meps-adopt-joint-position-on-proposed-digital-omnibus-on-ai/
[10] Morrison Foerster, “EU Digital Omnibus on AI: What Is in It and What Is Not?,” 1 December 2025.
https://www.mofo.com/resources/insights/251201-eu-digital-omnibus
[11] Cooley LLP, “EU AI Act: Proposed ‘Digital Omnibus on AI’ Will Impact Businesses’ AI Compliance Roadmaps,” 24 November 2025.
https://www.cooley.com/news/insight/2025/2025-11-24-eu-ai-act-proposed-digital-omnibus-on-ai-will-impact-businesses-ai-compliance-roadmaps
[12] Hogan Lovells, “EU Digital Omnibus-Where simplification is likely and what businesses should plan for,” 2026.
https://www.hoganlovells.com/en/publications/eu-digital-omnibus-where-simplification-is-likely-and-what-businesses-should-plan-for
[13] Taylor Wessing, “Artificial Intelligence Act (AI Act),” insights page, accessed March 2026.
https://www.taylorwessing.com/en/insights-and-events/insights/artificial-intelligence-act
[14] IAPP (International Association of Privacy Professionals), “EU Digital Omnibus: Analysis of key changes,” November 2025.
https://iapp.org/news/a/eu-digital-omnibus-analysis-of-key-changes
[15] IAPP, “MEPs reach preliminary political agreement on AI omnibus,” March 2026.
https://iapp.org/news/a/meps-reach-preliminary-political-agreement-on-AI-omnibus
[16] CDT Europe (Center for Democracy and Technology), “AI Bulletin: March 2026,” 26 March 2026.
https://cdt.org/insights/cdt-europes-ai-bulletin-march-2026/
[17] eyreACT, “The EU Digital Omnibus Explained: What It Means for EU AI Act Enforcement Dates in 2026,” 2026.
https://eyreact.com/the-eu-digital-omnibus-explained-what-it-means-for-eu-ai-act-enforcement-dates-in-2026/
[18] TechPolicy. Press, “Draghi’s European Competitiveness Report: Key Findings,” 10 September 2024.
https://www.techpolicy.press/draghis-european-competitiveness-report-key-findings/
[19] Carnegie Endowment for International Peace, “The EU’s AI Power Play: Between Deregulation and Innovation,” December 2025.
https://carnegieendowment.org/research/2025/05/the-eus-ai-power-play-between-deregulation-and-innovation
[20] EPRS, “Digital Omnibus on AI [EU Legislation in Progress],” Briefing, 12 February 2026.
https://epthinktank.eu/2026/02/12/digital-omnibus-on-ai-eu-legislation-in-progress/
[21] EU Perspectives, “ ‘Explosive Mix’: How US pressure and Big Tech lobbying are reshaping EU digital rules”, 16 February 2026.
https://euperspectives.eu/2026/02/explosive-mix-us-pressure-and-lobbying-shape-eu-tech-policy/
[22] Deutsche Sozialversicherung Europavertretung, “Digital Omnibus,” 27 November 2025.
https://dsv-europa.de/en/news/2025/11/digital-omnibus.html
[23] “Historic Timeline,” EU Artificial Intelligence Act (Future of Life Institute), accessed March 2026.
https://artificialintelligenceact.eu/developments/
[24] Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence (Artificial Intelligence Act), OJ L, 12 July 2024.
Authors
Yao Xu,Secretary-General of CGAIG and Associate Professor at FDDI
He Wenxiang, Research Assistant of CGAIG
Original Link: https://mp.weixin.qq.com/s/nzKnSA49MbIwJzcgdyVTYA
